Talos has added and modified multiple rules in the app-detect, browser-ie, browser-other, exploit-kit, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (snort3-malware-other.rules)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (snort3-malware-other.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (snort3-malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (snort3-malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (snort3-malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (snort3-malware-cnc.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (snort3-browser-other.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (snort3-server-webapp.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (snort3-browser-ie.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (snort3-exploit-kit.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (snort3-exploit-kit.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (snort3-app-detect.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (snort3-browser-other.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (snort3-exploit-kit.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (snort3-exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (snort3-server-webapp.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (snort3-exploit-kit.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (snort3-app-detect.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57471 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agent malicious script payload download attempt (malware-other.rules)
* 1:57473 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 1:57474 <-> ENABLED <-> MALWARE-CNC Win.Malware.LemonDuck variant outbound cnc connection (malware-cnc.rules)
* 1:57472 <-> ENABLED <-> MALWARE-OTHER Win.Malware.LemonDuck variant payload download attempt (malware-other.rules)
* 3:57476 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-other.rules)
* 3:57480 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57477 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2021-1282 attack attempt (policy-other.rules)
* 3:57475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1284 attack attempt (server-webapp.rules)
* 3:57479 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1287 attack attempt (file-pdf.rules)
* 3:57478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1281 attack attempt (server-webapp.rules)
* 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)